Smart Access Gateway (SAG) provides the access control list (ACL) function in the form of whitelists and blacklists for different SAG instances.
ACL usage process
The process is described as follows:
- Create an ACL, and set the ACL name.
- Set an ACL rule for the ACL.
- Add an SAG instance to the ACL.
- You can configure multiple ACL rules for an ACL. You can also add SAG instances to
the rules or remove the instances from them.
Note An SAG instance can be associated with only one ACL, and the quota cannot be adjusted.
- You can modify or delete existing ACL rules.
ACL configuration recommendations
The recommendations on ACL configuration are as follows:
- Use ACL as a whitelist.
- Follow the minimum authorization principle. For example, you can choose to open a specific port (such as port 80).
- All applications should not be managed with only one ACL, and different layers have different access control requirements.
- Add instances with the same security requirements to the same ACL, and there is no need to configure a separate security group for each instance.